dad5c71ee8aa91f91125f2bc29ea9afe916ba842c28f92047e4d55e4af4b67da | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 19:21

Sharing

Report Analysis Logs

General

Target

jaureg.exe
Size

514KB
MD5

5bc2adbc6146a6e5c3250b5733489233
SHA1

c3786293d71dabe6f167485ff7a7ae4f07062b22
SHA256

dad5c71ee8aa91f91125f2bc29ea9afe916ba842c28f92047e4d55e4af4b67da
SHA512

a48589b05f141714244ea04fc2cbd2becc0d72b21045b96b5365111b62a4be1d4eab54130e683944248a789b25ae1a8d6a29d66083bd507a8b5ebae6ad5d0607
SSDEEP

6144:BacjmdCxN7fyvECEpRZ0kSPikLj2LXkMT4A37GaY80kz2/VNegoDVAOIuguOuSY3:B8UxRyvCPsPikLj2jZ7dwegoiuKYHKTq

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	taskmgr.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe
1944	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\jaureg.exe
"C:\Users\Admin\AppData\Local\Temp\jaureg.exe"
1⤵
PID:3032

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-2-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download